Distributed Energy Efficient Key Distribution forDense Wireless Sensor Networks

Abhishek Goyal1, Navdeep Kaur2, Padmavati3, Kuldeep4, Ramamurthy Garimella5

1,2,3Punjab Engineering College, Chandigarh4Sikkim Manipal Institute of Technology, Sikkim

5International Institute of Information Technology, HyderabadEmail: agoyal.pec@gmail.com, navdeepkaur@pec.ac.in, padmavati@pec.ac.in

Abstract

The recent research in Wireless Sensor Networks hasled to a number of security schemes. The main require-ment in Wireless Sensor Networks is not only securitybut energy efficient security due to limited resources.We propose an energy efficient key management pro-tocol fully developed in TinyOS and tested in AvroraEmulator. In this paper, we divide the sensor networkinto levels and sectors thus solving problem of Local-ization as well. On the basis of leveling and sectoring,we propose a distributed pair wise key establishmentprotocol that establishes keys only among those nodeswhich satisfy specific criteria on the basis of level andsector. Hence energy is not wasted in establishing pairwise key with all the neighbors. Moreover nodes haveto store fewer keys. The two salient features about thisprotocol is that firstly it did not uses any central au-thority for key distribution and secondly, it providessignificant resistance to node compromise attacks.

1. Introduction

Wireless Sensor Networks are limited in energy, stor-age, computation and communication capabilities. Se-curity in sensor networks holds very significant positionsince they are deployed for very crucial purposes likeDisaster detection, Environmental monitoring, Healthcare, Military operations, etc. Security has to be addedkeeping their constraints in mind. It is already provenby some of previous works that public key cryptog-raphy is not appropriate for sensor networks due tolarge power consumption. So most of security schemesare developed using symmetric key cryptography inWSNs. An energy efficient key management protocolis prerequisite in such conditions. Key management

is the process by which cryptographic keys are gener-ated, stored, protected, transferred, loaded, used anddestroyed. The main objective of key management isto establish and maintain secure channels among twoor more communicating parties.

Although the problem of setting secret keys has beenwidely studied in general network environments, manyschemes targeted at such environments are inapplica-ble to sensor networks due to the unique features ofthe latter. Communication keys may be pair-wise keysused to secure a communication channel between twonodes that are in direct or indirect communications[8, 3, 5, 13], or they may be group keys shared by mul-tiple nodes [7, 9]. Key management provides the basicfunctions of analysis, assignment, generation, and dis-tribution [7, 9, 6].

Pair wise key establishment ensures secure node tonode communication. One approach is to pre-configurethe network with a shared unique symmetric key be-tween each pair of nodes. In this case, given a sensornetwork with n nodes, each node needs to store n-1keys and n. (n-1) keys need to be established in thenetwork [15]. In another approach pair wise key estab-lishment is achieved by introducing auxiliary sensors.These auxiliary sensors are used only for storing thekeys. Moreover they have more resources than mainsensor nodes. Hence a lot of resources are wasted [1].Still in another approach Key Distribution Centre isused. This approach, however, introduces huge com-munication overhead and is vulnerable to single pointfailure [16].

This paper presents a more energy efficient pair wisekey establishment technique in sensor networks. Allthe nodes set up their keys by communicating withtheir neighboring nodes. The basic idea is to divide thenetwork into levels and sectors to provide energy andstorage efficient key establishment. The rest of the pa-

2009 First International Conference on Computational Intelligence, Communication Systems and Networks

978-0-7695-3743-6/09 $25.00 © 2009 IEEE

DOI 10.1109/CICSYN.2009.29

143

per is organized as follows. Section 2 elaborates relatedwork. Section 3 illustrates proposed idea. In section4 we describe implementation and simulation results.Section 5 presents the mathematical work. Section 6includes conclusions and future work.

2. Related Works

Liu et al. proposed a new key pre-distributionscheme [11], which substantially improved the re-silience of the network compared to the existingschemes. This scheme exhibits a nice threshold prop-erty: When the number of compromised nodes is lessthan the threshold, the probability that communica-tions between any additional nodes are compromisedis close to zero.

Several techniques have been proposed to utilize thedeployment knowledge of sensor nodes to improve keypre-distribution protocols [10, 12, 19, 17]. However, allthese improved schemes assume that the locations ofsensor nodes can be pre-determined to a certain extent.In practice, it is usually very difficult, and sometimesimpossible, to guarantee the knowledge of sensors. ex-pected locations. Moreover, this assumption severelylimits the deployment of sensor networks.

Eschenauer and Gligor [8] proposed a random keypre-distribution scheme. In their scheme, each nodereceives a subset of random keys from a pool of keysbefore deployment. It provides an approach that anytwo nodes have one common pair wise key within theirrespective subsets for their secure communication. Us-ing this concept, Choi and Youn [4] proposed a keypre-distribution scheme which provides that any pairof sensor nodes can find a common shared key betweenthem with simple computation. However, it has a lim-itation that the time overhead is high for performingthe key pre-distribution step.

Complete survey of key distribution solutions indistributed wireless sensor networks can be found in[2].Wong and Chan propose a key exchange for low-power devices [18]. However, their approach assumesan asymmetry in computation power, that is, one ofthe participants is a more powerful server. Perrig, et al.proposed SPINS [16], a security architecture in whicheach sensor node shares a secret key with a base station.In this scheme, two sensor nodes cannot directly estab-lish a secret key; however, they can set up a shared keyusing the base station as a trusted third party. Thescheme of our work does not rely on any trusted par-ties.

In this paper, we try to solve some of the limitationsof the current key pre-distribution schemes. Some ofcurrent works in this field also proposed to use Auxil-

iary Sensors for key establishment. Auxiliary sensorsare dedicated for key management in those schemes.They however provide good security but with increasedcost and even number of auxiliary sensors tend to in-crease as number of sensor nodes increase. Accord-ing to general convention, a sensor network can con-stitute thousand of nodes, so it will be very difficultto deploy large number of auxiliary nodes just for keydistribution. A new key establishment scheme is pro-posed in the next section. It has following advantagesover other key management schemes. Firstly, levelingand sectoring restrict the number of neighbors to whichkey establishment need to be done. Thereby reducingstorage and energy consumption. Secondly, there isno need of central trusted authority to provide keysto the sensor nodes. Thus saving considerable amountof energy. Thirdly, in case a node gets compromisedit reveals only the key shared between its neighbors.The rest of the communication in the network is safe.Fourthly our protocol is not centralized but distributedone. Moreover a distinguishing property of this frame-work is that it does not require the knowledge of theexpected location of sensors. Also there is more stresson computation rather than communication in the pro-posed scheme, because communication is three ordersof magnitude costlier than computation. In this schemeall nodes compute their keys themselves

3. Proposed Protocol

There are mainly three types of communication es-sential for sensor nodes.

1. Pair wise Node Communication.

2. Node to Base Station Communication.

3. Broadcasts made by Node.

Among the above different types of communicationof sensor networks, Key establishment for Pair wise andbroadcast communication are more challenging. Be-cause all nodes can be preloaded with a unique keyNBi (for Node to base station communication), thatis known to base station only in addition to respectivenodes, thus solving problem of key establishment be-tween node and base station. So, NBi will be differentfor each node in a network. There are different methodsproposed for pair wise key establishment as describedin previous section. But our key establishment pro-tocol is light weight, energy efficient and requires lessstorage space for pair wise keys.

There are following underlying assumptions and no-tations that we have considered while formulating thisprotocol.

144

1. There is no adversary present at the time of net-work deployment and until the initial keys aresetup.

2. All the nodes know their unique IDs and arepreloaded with a master key MK and Guest Nodekey (GN). Master key is used for deriving the keysthat are used for Node to Node communicationand Guest Node keys are used for providing scala-bility to protocol, so that new nodes can be easilyadded. Broadcast key (BK) will be used to securebroadcast communication of a node.

3. Communication of a sensor node is limited with insector itself.

4. Kij is the notation for the pairwise key establishedbetween node ‘i’ and ‘j’.

These are following different phases for this key man-agement protocol.

3.1. Leveling

Initially we assumed that nodes are deployedaround base station. According to a general notion,Base Station should transmit varying power levels todivide whole network into levels as shown in figure1. But as we have developed our whole protocolin TinyOS, we have used a different approach. Inthis Base Station will transmit level packets with afixed time interval. Nodes other than base stationwill modify its level information according to givenalgorithm. At every next transmission base stationsends packets with level increased by one.

Algorithm Leveling (Packet P)// initially each node is assigned Node Level= -1;Beginif (P → Packet Type == LEVELING PACKET){

if (Node Level == -1){

Node Level:= P → Level;}else{

Forward packet P further;}

}end

Figure 1. Leveling by Base Station, there arethree different levels in the figure

3.2. Sectoring

After Leveling is completed, using this power anda directional antenna (with steerable beam), the sen-sor network is divided into equiangular (60 degree)Sectors in the clockwise or anti clock wise direction[14]. Here base station broadcast Sectoring BroadcastPacket (SBP), which gives respective sector IDs to var-ious sectors, like 1, 2, 3 etc and also assigns each nodeto their respective sector. Nodes have to store theirsector IDs also with their level information. There isone more advantage of using level and sector is that weneed not store any location information.

3.3. Neighbor Discovery

After each node gets its own sector and levelinformation, its neighbor discovery phase starts. Inthis phase, a node broadcasts “Hello” packet onlyonce, and wait for replies by its neighbors. “Hello”packet contains necessary fields like Source Node ID,Source Node LevelNo, Source Node SectorNo, TS.Here, TS is Time Stamp used to avoid replaying ofmessage. “Hello” packet data is encrypted by key MK.The receiver of “Hello” packet takes following actions.

Algorithm Neighbor Discovery ( Re-cived Packet P)//Packet P has necessary fields like Source Node ID,Source Node LevelNo, Source Node SectorNo, TS.// suppose packet is received by a node designated byReceving Node.BeginDecrypt the received packet P by master key MK;

145

if (P → Sector == Receving Node → Sector){

if(Already Present in Neighbor Database)// Do nothing;

else{

Add in the table and reply with a packet RPcontaining (Receiver Node id, Level, Sector, TS)encrypted by key MK;

}}end

When the neighbor discovery phase ends, each nodehas information about all the neighbors sharing samesector.

3.4. Key Computation

Generally pair wise key distribution schemes forWireless Sensor Networks are set up between neigh-bors. In our approach, we emphasize on setting sym-metric keys between neighbors in the same sector.Once the neighbor discovery phase ends, all nodes willcompute their respective keys with their neighbors IDs.Suppose a node i has three entries in its table j, k, mrespectively. It will compute in following manner.

Kij = SHA (MIN (i→NodeID, j→NodeID) + MAX(i→NodeID, j→NodeID) + MK);Kik = SHA (MIN (i→NodeID, k→NodeID) + MAX(i→NodeID, k→NodeID) + MK);Kim = SHA (MIN (i→NodeID, m→NodeID) + MAX(i→NodeID, m→NodeID) + MK);

Here ‘+’ is used as concatenation operator. Broad-cast key can be established in the same way with thehelp of Master key MK. Because a node uses broadcastkey to listen to broadcast made by their neighbors. Soa node should compute the broadcast keys of all itsneighbors. All the neighbors of j and itself node j willcompute its broadcast key in this manner.

BKj = SHA (j→NodeID + Sector ID + MK);Here, SHA is one way secure hash algorithm, which

produces a fixed length key for input of any length.There are many variants of Secure Hash Algorithm(SHA) like SHA-0, SHA-1, and SHA-2. We have usedSHA-1 specifically for this purpose which produces a160 bit output. In sensor networks SHA-1 is best suitedof the existing SHA hash functions, and is employed inseveral widely used security applications and protocols.After computation of all the keys with their neighbors,all nodes will delete their master key. So, if at a laterstage, a node gets compromised, it affects only small

part of network. Master key deletion will be done aftersome seconds after a network is deployed. So there isa very little probability of an adversary.s presence. Itis already shown in [17].

3.5. Supplement Key Phase

This phase will start when a new node is added tothe network. So ideally, it should gain informationabout its neighbor.s nodeIDs and its own leveling, sec-toring information. We are assuming that a guest nodehas the Master key MK and Guest Node key GN. Thewhole procedure will work as follows:Step 1 : Guest Node will broadcast “Hello” message toall its neighbors. “Hello” message will be encrypted byGN key, because MK is already deleted from neighbor-ing node.s memory.Step 2 : Neighboring nodes will respond with their IDs,level and sector information.Step 3 : Guest Node will check from which level andsector, it got maximum messages. It will assign itselfwith that level and sector. In case of tie, it will chooseanyone.Step 4 : After assigning itself with level and sector in-formation it will send reply message to nodes which liesin the same sector, containing its IDs, so that neighbor-ing nodes can also compute the pair wise and broadcastkeys for Guest Node.

All the communication described above will be en-crypted by GN key that is available with each nodeto give scalability to protocol. We will be extendingthis phase further with addition of a supporting trustframework to check integrity of Guest Node

4. Implementation and Simulation Re-sults

For implementation of above proposed protocol, wehave used TinyOS 2.x1, a popularly used operating sys-tem for sensor networks. We have developed the wholeprotocol using NesC language compatible with TinyOSbecause the code of this protocol can be used in realtime without any modification. For testing purpose,we created a simulation test bed of 36 Mica2 nodesand one base station arranged in standard grid topol-ogy in Avrora Emulator2. Here base station is used toassign level and sectors dynamically to all the sensornetwork nodes. But to analyze the protocol and pernode power consumption, we have kept the number ofnodes in test bed network low. It can be extended to

1http://www.tinyos.net2http://www. compilers.cs.ucla.edu/avrora/

146

any number of nodes. Without loss of generality, wehave divided whole sensor network topology into 4 dif-ferent sectors (quadrant). We have implemented twokey management protocols on above described simula-tion test bed. First one is implemented without levelingand sectoring. In this nodes try to establish pair wisekeys with all its neighbors. The size of pair wise andbroadcast key is of 80 bits each. So the total overheadfor a random picked node in storing all the pair wiseand broadcast keys is equal to

Total Storage Overhead = [(size of (BK) + size of(Kab))*N + size of (GN)].

In the above equation, N is total number of neigh-bors for the node and a, b are notation for two neigh-boring nodes. Secondly, we have implemented our pro-posed approach with leveling and sectoring. Levelingand sectoring is done dynamically by base station, soit can be extended to any number of nodes. Sectoringreduces neighbors of a node to some extent, for whichpair wise key establishment is required. Suppose it re-duces M number of neighbors out of N. So total storageoverhead for a node in our protocol is

Total Storage Overhead = [(size of (BK) + size of(Kab))*(N-M) + size of (GN)].

For a grid topology of 36 nodes, value of M can varyfrom 0 to 3.In this topology; a node can have maxi-mum of 8 neighbors. If N=3,then a node can save upto 480 bits in key storage, which is very much signifi-cant for Mica2 motes having 4KB of RAM. Storage ef-ficiency will improve as the density or number of nodesincreases because for M=3 and N=8, we are gaining37.5 Saving in energy is achieved by less communica-tion and computation during key establishment. Be-cause all the nodes which received .Hello. packet fromother sectors do not reply. Also, due to less numbers ofneighboring nodes in the sector, a node has to computefewer keys.

0 5 10 15 20 25 30 350.3992

0.3994

0.3996

0.3998

0.4

0.4002

0.4004

0.4006

0.4008

NodeIDs

Ene

rgy

Con

sum

ptio

n (J

oule

s)

Our Approach

Usual Approach

Figure 2. Power Consupmtion Comparison

5. Mathematical Modeling

Suppose we have M x M grid structure of a sensornetwork. Without loss of generality, we assume thatwe have divided the whole network into four differentsectors and N different levels. Each sector will containM2 /4 number of nodes. However, according to pro-posed algorithm only sector boundary nodes will savespace as well as energy. Number of boundary nodes ina sector will be M-1.So total number of boundary nodesare in a Grid based sensor network will be (4xM-4).

Probability that a random selected node will savespace and energy = (4M-4) / (M2).

In our case if we take M=6, the probability of savingspace for a particular node will be 5/9. As we increasethe number of sectors from 4 to 6, the probability cer-tainly increase as number of boundary nodes increases.

6. Conclusion and Future Work

We have proposed a distributed energy efficient keydistribution protocol fully implemented in TinyOS andtested in Avrora. We will be soon posting our wholeapplication code in TinyOS contributory section. Ithas proven fact that use of leveling and sectoring con-trols the information flow in right manner for WSNs.We have tested its feasibility for key management also.We have achieved significant reduction in power con-sumed by use of sectoring. However, we did not useleveling for reducing node neighbors. But its presenceis crucial in routing for directional information flow.Leveling will also ensure that information will alwaysbe directed towards base station. Proposed key man-agement protocol is also resilient to node compromiseattacks. However, one limitation that we can see inthis protocol is in Supplement key phase, which is usedto accept a new node in Network. For that reason, wewill be designing a supporting trust framework thatcan identify if a guest node is compromised one or anIntruder.

References

[1] Q. D. andx Donggang Liu. Using auxiliary sensorsfor pairwise key establishment in wsn. In Networking,pages 251–262, 2007.

[2] S. A. Camtepe and B. Yener. Key distribution mech-anisms for wireless sensor networks: a survey. 2005.

[3] H. Chan, A. Perrig, and D. Song. Random key predis-tribution schemes for sensor networks. pages 197–213,2003.

[4] S. J. Choi and H. Y. Youn. An efficient key pre-distribution scheme for secure distributed sensor net-works. In EUC Workshops, pages 1088–1097, 2005.

147

[5] W. Du, J. Deng, Y. S. Han, S. Chen, and P. K. Varsh-ney. A key management scheme for wireless sensornetworks using deployment knowledge. volume 1, page597, 2004.

[6] M. Eltoweissy, M. Moharrum, and R. Mukkamala. Dy-namic key management in sensor network. pages 122–130. IEEE Communications magazine, 2006.

[7] M. Eltoweissy, A. Wadaa, S. Olariu, and L. Wilson. AdHoc Networks, 3(5):668 – 688, 2005. Data Communi-cation and Topology Control in Ad Hoc Networks.

[8] L. Eschenauer and V. D. Gligor. A key-managementscheme for distributed sensor networks. In CCS ’02:Proceedings of the 9th ACM conference on Computerand communications security, pages 41–47, New York,NY, USA, 2002. ACM.

[9] K. Ghumman. Location-aware combinatorial keymanagement scheme for clustered sensor networks.IEEE Trans. Parallel Distrib. Syst., 17(8):865–882,2006. Senior Member-Younis, Mohamed F. and Se-nior Member-Eltoweissy, Mohamed.

[10] D. Huang, M. Mehta, D. Medhi, and L. Harn.Location-aware key management scheme for wirelesssensor networks. In SASN ’04: Proceedings of the 2ndACM workshop on Security of ad hoc and sensor net-works, pages 29–42, New York, NY, USA, 2004. ACM.

[11] D. Liu and P. Ning. Establishing pairwise keys in dis-tributed sensor networks. In CCS ’03: Proceedings ofthe 10th ACM conference on Computer and commu-nications security, pages 52–61, New York, NY, USA,2003. ACM.

[12] D. Liu and P. Ning. Location-based pairwise key es-tablishments for static sensor networks. In SASN ’03:Proceedings of the 1st ACM workshop on Security ofad hoc and sensor networks, pages 72–82, New York,NY, USA, 2003. ACM.

[13] D. Liu and P. Ning. 2005. Improving Key Pre-Distribution with Deployment Knowledge in StaticSensor Networks.

[14] M. A. Mirza and R. Garimella. Pascal: Power awaresectoring based clustering algorithm for wireless sensornetworks. In proceedings of ICOIN09, 2009.

[15] A. Perrig, J. Stankovic, and D. Wagner. Security inwireless sensor networks. Commun. ACM, 47(6):53–57, 2004.

[16] W. Perrig, Szewczyk and T. Culler. Spins: Securityprotocols for sensor networks. In Proceedings of Sev-enth Annual International Conference on Mobile Com-puting and Networks, 2001.

[17] H. Soroush, M. Salajegheh, and T. Dimitriou. Provid-ing transparent security services to sensor networks.In ICC, pages 3431–3436, 2007.

[18] D. S. Wong and A. H. Chan. Efficient and mutuallyauthenticated key exchange for low power computingdevices. In ASIACRYPT, pages 272–289, 2001.

[19] Z. Yu and Y. Guan. A key pre-distribution schemeusing deployment knowledge for wireless sensor net-works. In Proceedings of ACM/IEEE InternationalConference on Information Processing in Sensor Net-works, 2005.

148